Abstract

As the Internet and the telephone network have become increasingly
interconnected and interdependent, attackers can impersonate or
obscure calling party numbers when orchestrating bulk commercial
calling schemes, hacking voicemail boxes, or even circumventing
multi-factor authentication systems trusted by banks. This document
analyzes threats in the resulting system, enumerating actors,
reviewing the capabilities available to and used by attackers, and
describing scenarios in which attacks are launched.